Commit 1e52e4e

committed
images
1 parent 5e013d2 commit 1e52e4e

4 files changed

+10
-3
lines changed

articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md

Lines changed: 10 additions & 3 deletions
@@ -147,11 +147,18 @@ The file is generated, and you're prompted to save it locally.
147147

148148
## Remediate aggregated alerts
149149

150-
To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts page. Investigate the alerts and then remediate them using the Learn tab.
150+
To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts page. As you investigate alerts, an aggregated alert is identified by the *Multiple violations* message that appears under the Source device IP. Use the **Violations** tab to investigate further and the **Take action** tab to remediate the alerts.
151+
152+
1. On the **Alerts** page, select an alert in the grid to display more details in the pane on the right.
153+
1. For an Aggregated alert the *Multiple violations* message appears underneath the Source device IP address, and the **ViolationCount** will contain a number above 0.
154+
155+
:::image type="content" source="media/how-to-manage-cloud-alerts/alert-details-aggregated.png" alt-text="Screenshot of the alerts detail pane showing the aggregated alerts message, the ViolationsCount and the Violations tab":::
151156

152-
1. On the **Alerts** page, select an alert in the grid to display more details in the pane on the right. How do we know from the table that this is an aggregated alert?<!-- is there a violations column or -->
153157
1. Select the **Violations** tab.
154-
1. Export the data to a CSV file using the **Export** button. Open the file and examine the data.
158+
1. Export the data to a CSV file using the **Export** button. Open the file and examine the data. For example:
159+
160+
:::image type="content" source="media/how-to-manage-cloud-alerts/alert-details-aggregated-csv.png" alt-text="Screenshot of the alerts detail pane showing the aggregated alerts message, the ViolationsCount and the Violations tab":::
161+
155162
1. Select the **Take action** tab. Follow the **Remediation steps**.
156163
1. Select the **Learn** button so that Defender for IoT learns that this doesn't need to create an alert item for this activity in the future.
157164
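Review bot: The alt-text on the second image (new line 160, `alert-details-aggregated-csv.png`) is a verbatim copy of the alt-text on the first image at new line 155, so a screen-reader user gets the detail-pane description for what is presented as the exported CSV example. Please give it its own alt-text describing the CSV content. Two smaller points in the same hunk: the step at new line 153 names the field **ViolationCount** while both alt-texts say "ViolationsCount", so pick whichever spelling the UI shows and use it everywhere; and "For an Aggregated alert" at line 153 capitalizes a term the intro at line 150 writes as "aggregated alert". The intro at line 150 and the step at line 153 also both explain the *Multiple violations* message under the Source device IP, so one of them could be trimmed. Finally, as shown here the `:::image` lines at 155 and 160 sit at column 0 between `1.` items; if that matches the source file, indent them under their list item so the numbered list is not split when rendered.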
